You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
description: 'How to use two-factor authentication and other security controls in the Linode Manager.'
6
-
og_description: 'This guide describes the security features of the Linode Manager, including two-factor authentication, IP address whitelisting, API access controls, forced password expiration, and more.'
6
+
og_description: 'This guide describes the security features of the Linode Manager, including two-factor authentication, API access controls, forced password expiration, and more.'
The [Linode Manager](https://manager.linode.com) is the gateway to your Linode products and services, and you should take steps to protect it from unauthorized access. Linode supports and recommends implementing the following security measures:
22
+
The [Classic Manager](https://manager.linode.com) is the gateway to your Linode products and services, and you should take steps to protect it from unauthorized access. Linode supports and recommends implementing the following security measures:
1. Configure and monitor [event notifications](#linode-event-notifications).
29
27
30
28
These measures make it much more difficult for someone else to log in to your account without your knowledge. However, you should also take steps to make sure you don't accidentally lock yourself out of your account, too. Here are a few things you can do to minimize the chance of that happening:
@@ -38,7 +36,7 @@ These measures make it much more difficult for someone else to log in to your ac
38
36
The following sections describe these measures in more detail.
39
37
40
38
{{< note >}}
41
-
These measures describe security controls for the Linode Manager and API, which are distinct from the authorization protocols for your individual servers. If you are collaborating with other people to work on your services, or if you are concerned about unauthorized access to your Linodes, review the [Create an Account for a Developer to Work on Your Linode](/docs/platform/create-limited-developer-account/) guide for more on how to control access to your servers.
39
+
These measures describe security controls for the Classic Manager and API, which are distinct from the authorization protocols for your individual servers. If you are collaborating with other people to work on your services, or if you are concerned about unauthorized access to your Linodes, review the [Create an Account for a Developer to Work on Your Linode](/docs/platform/create-limited-developer-account/) guide for more on how to control access to your servers.
42
40
{{< /note >}}
43
41
44
42
## Two-Factor Authentication
@@ -58,43 +56,43 @@ In this analogy, your card's PIN is akin to your Linode account's password, and
1. Click the **my profile** link at the top right corner of the Linode Manager.
59
+
1. Click the **my profile** link at the top right corner of the Classic Manager.
62
60
63
61
1. Re-authenticate using your Linode user's password.
64
62
65
-
1. From the **Password & Authentication** page of the Linode Manager, click **Enable Two-Factor Authentication**.
63
+
1. From the **Password & Authentication** page of the Classic Manager, click **Enable Two-Factor Authentication**.
66
64
67
65
1. You'll then be shown a secret key and a QR code. **The key will be shown only once. Do not refresh this page until you have configured a 2FA app on your phone.** Write down the secret key and store it in a safe place. If you get locked out of your account, [contact support](/docs/support) to regain access.
68
66
69
67
1. Open your phone's 2FA app and add a new account.
70
68
71
-
1. Scan the QR code shown in the Linode Manager. Your 2FA app will create a new login token labeled *LinodeManager:user*.
69
+
1. Scan the QR code shown in the Classic Manager. Your 2FA app will create a new login token labeled *LinodeManager:user*.
72
70
73
71
1. Enter the token from your 2FA app in the **Generated Token** field of the page above. Click **Confirm my token, and enable two-factor auth!**
74
72
75
73
1. Note the scratch code and store it in a secure place. **This is important.** You will use this code if your 2FA device is not available.
76
74
77
75
### Log in with Two-Factor Authentication
78
76
79
-
1. Open the [Linode Manager](https://manager.linode.com) in your web browser and log in as normal using your username and password. The authentication code text field will then appear.
77
+
1. Open the [Classic Manager](https://manager.linode.com) in your web browser and log in as normal using your username and password. The authentication code text field will then appear.
80
78
81
79
1. Open the 2FA app on your smartphone, then select your *LinodeManager:user* account.
82
80
83
81
1. Enter the 2FA token from your phone and click **Authenticate**. Checking the box below the authentication option will add your computer to the trusted computer list for 30 days and generate a confirmation email to the address on file for your account.
84
82
85
83
### Record Your Scratch Code
86
84
87
-
In the event that your smartphone is unavailable or your secret key is lost, you can use a one-time scratch code to log back in to the Linode Manager and regenerate the key. Scratch codes are disabled by default. **We highly recommend you generate a scratch code** and store it somewhere accessible and secure.
85
+
In the event that your smartphone is unavailable or your secret key is lost, you can use a one-time scratch code to log back in to the Classic Manager and regenerate the key. Scratch codes are disabled by default. **We highly recommend you generate a scratch code** and store it somewhere accessible and secure.
88
86
89
-
1. Return to the **Password & Authentication** tab in the Linode Manager and click the **generate** link to create a scratch code.
87
+
1. Return to the **Password & Authentication** tab in the Classic Manager and click the **generate** link to create a scratch code.
90
88
91
89
1. A pop-up will appear asking you to confirm the action. Click **OK**.
92
90
93
91
1. The scratch code will then be shown. **This code will be displayed only once**--copy or write it down and store it somewhere safe.
94
92
95
93
### Generate a New Key
96
94
97
-
The Linode Manager allows you to generate a new secret key for your two-factor authentication device. This is useful if you buy a new phone or otherwise need to set up a new 2FA app. To generate a new secret key:
95
+
The Classic Manager allows you to generate a new secret key for your two-factor authentication device. This is useful if you buy a new phone or otherwise need to set up a new 2FA app. To generate a new secret key:
98
96
99
97
1. Return to the **Password & Authentication** tab.
100
98
@@ -104,7 +102,7 @@ The Linode Manager allows you to generate a new secret key for your two-factor a
104
102
105
103
### Disable Two-Factor Authentication
106
104
107
-
You can disable two-factor authentication for your Linode Manager account at any time.
105
+
You can disable two-factor authentication for your Classic Manager account at any time.
108
106
109
107
1. Return to the **Password & Authentication** tab.
110
108
@@ -114,58 +112,18 @@ You can disable two-factor authentication for your Linode Manager account at any
114
112
115
113
### Recovery Procedure
116
114
117
-
If you lose your token and get locked out of the Linode Manager, email <[email protected]> to regain access to your account. Should you need us to disable your Two-Factor Authentication, the following information is required:
115
+
If you lose your token and get locked out of the Classic Manager, email <[email protected]> to regain access to your account. Should you need us to disable your Two-Factor Authentication, the following information is required:
118
116
119
117
1. An image of the front and back of the payment card currently associated with your account, which clearly shows the last 6 digits, expiration date, and cardholder name.
120
118
2. An image of the front and back of a matching government-issued photo ID.
121
119
122
-
## IP Address Whitelisting
123
-
124
-
IP address whitelisting restricts access to the Linode Manager to a set of IPs that you specify.
125
-
126
-
### Enable Whitelisting
127
-
128
-
1. Find and write down the IP address and netmask assigned to you by your ISP. They will usually be given on a statistics or dashboard page of your home router's admin panel.
129
-
130
-
1. Click the **my profile** link at the top right corner of the Linode Manager.
131
-
132
-
1. Re-authenticate using your Linode user's password.
133
-
134
-
1. Go to the **Password & Authentication** tab of the Linode Manager.
135
-
136
-
1. In the *Account Security* section, select **ENABLED - Alerts will be sent and whitelisting will be enforced** from the **Status** menu.
137
-
138
-
1. Click **Save security setting**. The IP address whitelist feature will be enabled.
139
-
140
-
1. Click **Edit Whitelist** to add your IP address.
141
-
142
-
1. Enter your IP address and netmask, then click **Add IP**. You can add as many IP addresses as you want.
143
-
144
-
### Add Additional IP Addresses Remotely
145
-
146
-
If you need to log in to the Manager from a new location:
147
-
148
-
1. Attempt to log in to the Linode Manager from the new IP address, which will trigger an email notification from Linode which describes this login.
149
-
150
-
1. This email includes a link which whitelists the new IP. Click the link to add it to your whitelist.
151
-
152
-
1. Attempt your Linode Manager login again, which should now be successful.
153
-
154
-
### Disable Whitelisting
155
-
156
-
1. Return to the **Password & Authentication** tab.
157
-
158
-
1. In the *Account Security* section, select **DISABLED - No alerts will be sent and whitelisting will not be required** from the **Status** menu.
159
-
160
-
1. Click **Save security setting**.
161
-
162
120
## Linode Event Notifications
163
121
164
-
By default, the Linode Manager automatically sends event notifications via email when any jobs are added to the *Host Job Queue* of one of your Linodes. Monitoring these emails will help you detect potential unusual activity on your servers, which could be a sign of an unauthorized login. You can also subscribe to an RSS feed of these notifications.
122
+
By default, the Classic Manager automatically sends event notifications via email when any jobs are added to the *Host Job Queue* of one of your Linodes. Monitoring these emails will help you detect potential unusual activity on your servers, which could be a sign of an unauthorized login. You can also subscribe to an RSS feed of these notifications.
165
123
166
124
To review your event notification settings:
167
125
168
-
1. Click the **my profile** link at the top right corner of the Linode Manager.
126
+
1. Click the **my profile** link at the top right corner of the Classic Manager.
169
127
170
128
1. Re-authenticate using your Linode user's password.
171
129
@@ -189,14 +147,14 @@ This backup user should be created with unrestricted permissions so that you can
189
147
190
148
If you have multiple individuals accessing the same Linode account, you should create separate user accounts for each individual. Once you've created the accounts, you can assign permissions to restrict access to certain areas of the control panel.
191
149
192
-
This is useful for groups that need to grant all team members access to the Linode Manager, or perhaps if you just want the billing department to have a separate account to receive invoices and billing information. The [Accounts and Passwords](/docs/platform/manager/accounts-and-passwords/) guide provides more information on user creation and permissions. The [Create an Account for a Developer to Work on Your Linode](/docs/platform/create-limited-developer-account/) guide is also available and describes best practices when hiring a developer.
150
+
This is useful for groups that need to grant all team members access to the Classic Manager, or perhaps if you just want the billing department to have a separate account to receive invoices and billing information. The [Accounts and Passwords](/docs/platform/manager/accounts-and-passwords/) guide provides more information on user creation and permissions. The [Create an Account for a Developer to Work on Your Linode](/docs/platform/create-limited-developer-account/) guide is also available and describes best practices when hiring a developer.
193
151
194
152
### API Access
195
153
196
-
The [Linode API](https://www.linode.com/api/) is a programmatic interface for many of the features available in the Linode Manager. For this reason, the Linode Manager provides two security controls for your account's API key. First, you can generate a new API key if you suspect that your existing key has been compromised. And if you're not using the API key, you can remove access to it altogether.
154
+
The [Linode API](https://www.linode.com/api/) is a programmatic interface for many of the features available in the Classic Manager. For this reason, the Classic Manager provides two security controls for your account's API key. First, you can generate a new API key if you suspect that your existing key has been compromised. And if you're not using the API key, you can remove access to it altogether.
197
155
198
156
See the [API Key](/docs/platform/api/api-key/) article for details.
199
157
200
158
### Force Password Expirations
201
159
202
-
Your company's policy may require users to change their passwords after a fixed interval of time. The Linode Manager can be configured to require password resets every 1, 3, 6, or 12 months. For more information, see the documentation on [Passwords in the Linode Manager](/docs/platform/accounts-and-passwords/#passwords).
160
+
Your company's policy may require users to change their passwords after a fixed interval of time. The Classic Manager can be configured to require password resets every 1, 3, 6, or 12 months. For more information, see the documentation on [Passwords in the Classic Manager](/docs/platform/accounts-and-passwords/#passwords).
0 commit comments